Horizon dashboard and Ldap user listing results to 504 Gateway Time Out

Solution In Progress - Updated -

Environment

Red Hat OpenStack Platform 13.0

Issue

  • When integrating LDAP with openstack keystone times while fetching user list from LDAP server.
  • It results in 504 Gateway Time-Out

Resolution

  • If using a LDAP back-end for authentication, add the following clause in /etc/openldap/ldap.conf on all controller nodes.
NETWORK_TIMEOUT 2
  • Then we need to modify haproxy.cfg file on all controllers (file path: /var/lib/config-data/puppet-generated/haproxy/etc/haproxy/haproxy.cfg)
defaults
  log  global
  maxconn  8192      <=====
...
  timeout  connect 10s
  timeout  client 20m   <=====
  timeout  server 20m   <=====
...
  • Early configuration should be as below
defaults
  log  global
  maxconn  4096
  mode  tcp
  retries  3
  timeout  http-request 10s
  timeout  queue 2m
  timeout  connect 10s
  timeout  client 2m
  timeout  server 2m
  timeout  check 10s
  • After modification it will look like below
defaults
  log  global
  maxconn  8192
  mode  tcp
  retries  3
  timeout  http-request 10s
  timeout  queue 2m
  timeout  connect 10s
  timeout  client 20m
  timeout  server 20m
  timeout  check 10s
  • Finally, restart keystone and haproxy:
docker restart keystone  <<<<<< all controller node
pcs resource restart haproxy-bundle
  • This can also be done via THT parameters to keep this changes permenant
 (overcloud) [stack@undercloud-0 ~]$ cat virt/haproxy_cfg.yaml 
 parameter_defaults:
 ControllerExtraConfig:
     tripleo::haproxy::haproxy_defaults_override:
     timeout:
         - 'http-request 10s'
         - 'queue 2m'
         - 'connect 10s'
         - 'client 20m'                                 
         - 'server 20m'                                 
         - 'check 10s'
     maxconn: 8192                                      

Root Cause

  • Keystone times out before the details are fetched from LDAP server

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.